Repository: hadoop
Updated Branches:
refs/heads/branch-2 fb8bd4d2d -> 5933068e7
HADOOP-13102. Update GroupsMapping documentation to reflect the new changes. Contributed by
Esther Kundin.
(cherry picked from commit 075358eb6fff5ae4a40ac4dfde292e2a9a4ceddf)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5933068e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5933068e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5933068e
Branch: refs/heads/branch-2
Commit: 5933068e7074bf67f7cfc38e5a1a89b1767c190c
Parents: fb8bd4d
Author: Anu Engineer <aengineer@apache.org>
Authored: Wed Oct 11 15:58:20 2017 -0700
Committer: Anu Engineer <aengineer@apache.org>
Committed: Wed Oct 11 16:15:59 2017 -0700
----------------------------------------------------------------------
.../hadoop-common/src/site/markdown/GroupsMapping.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5933068e/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md b/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md
index 89aca16..806ed54 100644
--- a/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md
+++ b/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md
@@ -85,9 +85,10 @@ This file should be readable only by the Unix user running the daemons.
It is possible to set a maximum time limit when searching and awaiting a result.
Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period
is desired. Default is 10,000 milliseconds (10 seconds).
+This is the limit for each ldap query. If `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels`
is set to a positive value, then the total latency will be bounded by max(Recur Depth in LDAP,
`hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` ) * `hadoop.security.group.mapping.ldap.directory.search.timeout`.
-The implementation does not attempt to resolve group hierarchies. Therefore, a user must
be an explicit member of a group object
-in order to be considered a member.
+`hadoop.security.group.mapping.ldap.base` configures how far to walk up the groups hierarchy
when resolving groups.
+By default, with a limit of 0, in order to be considered a member of a group, the user must
be an explicit member in LDAP. Otherwise, it will traverse the group hierarchy `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels`
levels up.
### Active Directory ###
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org